
Bash Script to automate WEP cracking

I was fairly unhappy with the performance of the "WEP Buster" program in Backtrack 4, and although I am easily able to just type out the needed commands myself, I decided to write this script to automate the process. All you need to do is answer some questions at the beginning to set the variables and the rest is automatic. This script is pretty much idiot-proof, and it has never failed to crack a WEP access point for me. Although it is intended to be run in Backtrack 4, it will also run in Ubuntu if you have the aircrack-ng suite, drivers patched for injection, konsole, and macchanger installed.

UPDATE: This attachment is OLD (v1.2 I believe), the newest version is at the link above.

Attachment: BashWEP.txt

I call it BashWEP

This is my first attempt at scripting, so the code may be a little crude, but I think I did a good job making it fairly sturdy. It evolved several times after testing it with my idiot friends. Any constructive comments or suggestions are appreciated.

Last edited by Hobo4ssassin; 03-27-2011 at 10:06 AM.
Reason: Edited 03/27/2011 to v2.0

Re: Bash Script to automate WEP cracking

Nice script, but some remarks, just from reading the script:
- You should let the user choose the interface he wants to use (I sometimes don't use airmon-ng to put in monitor mode and directly use my wifi card that airodump puts in monitor mode). But since you say you wanted to do something idiot-proof, not leaving the choice can be good!
- When launching airodump to show APs, maybe add a -a option to keep non-associated clients from showing up.

That is all! Also, maybe some error checking, but since I suck at that, I can't really tell people to be cautious with that (and I know it's a bad behavior I have to change...)

I'll try to give it a try and I'll edit this post to report!

EDIT: So I tried it and... it failed me, sorry! Well, I didn't want to wait for hours getting a data packet, so I'll try again while I use the connection to generate data packets.
Also, you should try using xterm windows instead of konsole. You can get their pid and kill them once you don't need them anymore. (I'm just realizing it should be the same with konsole...) But anyway xterm windows are prettier and configurable!

Re: Bash Script to automate WEP cracking

That's strange that you weren't able to capture a data packet. Even with stubborn routers I generally get a decent data packet before it reads 25,000 packets. What was your connection strength with the AP? I have found that it sometimes doesn't get a data packet if the connection strength is below 82dBm.

Right now I have the script set to use the chop-chop attack by default because it generally works for me on the first try, although it sometimes takes up to 10 minutes, but I might add some options to try other types of attacks as well. The secondary attack it is set to use (if something fails or if you cancel the chop-chop attack) is generally much faster but less reliable in my experience. I haven't tried any of the other aireplay-ng attacks besides chop-chop, fragmentation, and replay, and I have never had any success with a fragmentation attack.

Do you have any favorite attacks you think I should add? I could make a menu interface where you could choose what type of attack you'd like to run first...

Re: Bash Script to automate WEP cracking

Yeahp, in fact I was surprised not to see the ARP request attack (-3). Once authenticated, you wait for an ARP and it's done. Of course, you need an ARP, which sometimes never comes. You can also use the -h option to use one of the client's MAC and then deauth them to force reconnecting and gaining an ARP packet. Problem with that procedure is that I don't know how you can automatize it...

As for my not receiving packets, I may have been too far. I'll get closer for a new try.

Re: Bash Script to automate WEP cracking

It'll probably take me a few days because I have other things on my plate right now, but I'll try to add a menu sometime this week so it's possible to choose the type of attack you want to use.

Originally I wanted to make this script so simple that even complete idiots can use it, so I might even put a dialog at the beginning asking if you are a beginner or expert, so the beginner mode will run the script as it is now, and the expert mode will give you more options and control over the process.

Code:

echo "What is your skill level?"
echo "[beginner / expert]"

Something like that...

The reasoning behind the format of the current attack is that I very rarely see residential wireless networks with clients always connected, and unless there is mac filtering, this attack works even if there are no associated clients.

As for my name... no, it's my gamertag on Live and it just kinda stuck as a nickname, so I use it everywhere now. My friends call me Hobo, hahaha. I can't wait for Hobo with a Shotgun to come out though. I love those Grindhouse films.

ComaX, I am hoping to get some feedback from you on this version. Most of the changes I made were in response to your initial feedback.

I didn't get a chance to *fully* test this version, partially because it's 5am here, and partially because some of the attacks I added require associated clients. Also I am a little worried about some of the commands behaving differently on different systems because I have only been able to test it out on my personal computer.

Last thing, if anyone uses cafe-latte personally, I would love to see usage example of how *you* use it, and possibly implement it in the next version. I haven't had a chance to use the cafe-latte attack myself, but hopefully sometime this next week I will have a chance to experiment with it against my friend's computer.

Re: Bash Script to automate WEP cracking

Hi, just saw your new version. I'll try it and give you feedback.

Edit: a first feedback from reading the code:
- Adding 3 and 5 attacks is nice
- Changing mac is a nice feature, but you should do some error checking on the mac address, and maybe make an option to randomize it (totally, or partially, keeping vendor code).
- Same as previous comment, you should get konsoles' pid with $! to close them from your script when you're done with them
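
The two robustness points in the post above (checking the MAC address the user types, and recording `$!` so spawned windows can be closed) could look like this; it is an added example, not part of the thread or of BashWEP, and the function names `is_valid_mac`, `spawn_tracked` and `cleanup_children` are hypothetical. It is written in portable sh so it also runs under bash.

```bash
#!/bin/sh
# Added example (not BashWEP code): input checking and child-process cleanup.

# Return 0 only for a well-formed, unicast MAC address (aa:bb:cc:dd:ee:ff).
is_valid_mac() {
    vm_mac=$1
    # Exact length first: this also stops a multi-line value from slipping
    # past the line-based grep below.
    [ "${#vm_mac}" -eq 17 ] || return 1
    printf '%s\n' "$vm_mac" |
        grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    # Low bit of the first octet set means a group (multicast/broadcast)
    # address, which is not valid as an interface's own address.
    vm_first=${vm_mac%%:*}
    [ $(( 0x$vm_first & 1 )) -eq 0 ]
}

CHILD_PIDS=""

# Start a command in the background and remember its PID from $!.
spawn_tracked() {
    "$@" &
    CHILD_PIDS="$CHILD_PIDS $!"
}

# Terminate every tracked child that is still alive, then reap it.
cleanup_children() {
    for cc_pid in $CHILD_PIDS; do
        if kill -0 "$cc_pid" 2>/dev/null; then
            kill "$cc_pid" 2>/dev/null || true
            wait "$cc_pid" 2>/dev/null || true
        fi
    done
    CHILD_PIDS=""
}

# Run the cleanup on normal exit and on Ctrl-C / termination, so no
# background window or process outlives the script.
trap cleanup_children EXIT
trap 'exit 130' INT TERM
```

A script would reject the typed value in a loop until `is_valid_mac` succeeds, and start each helper window through `spawn_tracked` instead of a bare `&`.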

Re: Bash Script to automate WEP cracking

Originally Posted by comaX

- Changing mac is a nice feature, but you should do some error checking on the mac address, and maybe make an option to randomize it (totally, or partially, keeping vendor code).
- Same as previous comment, you should get konsoles' pid with $! to close them from your script when you're done with them

I will probably have some time today to do more thorough testing, to check for errors, and I am currently doing more research on PID and will include that in v2.1.
I am teaching myself everything I have done so far, so bear that in mind.

p.s. My posts are taking forever to show up because each of my posts needs to be approved by a moderator. Is this because I'm new, or is it like that for everyone?